SonicWALL dynamic to static ASA

Forgive the almost matching repost of a question I had last week, but I wanted to be sure of something.

I now have a remote SonicWALL which has a dynamic outside address.  I'll set up a tunnel to my ASA, which has a static address.

Of course the SonicWALL initiates the connection.

So, to be clear:

On the ASA, can I set up a tunnel group to accept the *dynamic* connection from the remote SonicWALL?  Or is my only option to use the DefaultL2LGroup (main mode) or DefaultRAGroup (aggressive mode)?

Thank you!

Hello

You can do the following:

crypto dynamic-map cisco 1 set transform-set ESP-3DES-MD5 ESP-3DES-SHA

Kind regards

-Gustavo

Tags: Cisco Security

Similar Questions

  • Dynamic to static IPSec with certificate-based authentication

    I'm trying to implement a dynamic-to-static LAN2LAN VPN from an ASA 5505 (with a dynamic IP address) to an ASA 5520 (with a static IP address).
    I would like to have a small (/30) network on the dynamic side which I can connect to a larger (/24) network on the static side.
    I am also trying to use identity certificates for authentication.

    I created a root and an intermediate CA, signed the intermediate CA with the root CA, and then created identity certificates for
    the ASAs, signed with the intermediate CA using OpenSSL, and imported them to a trustpoint.

    I tried to use the instructions on:
    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a0080930f21.shtml
    to configure certificates (replacing MS with OpenSSL) and following the instructions to:

    I used ASDM to set the appropriate identity cert on the outside interface
    [Configuration-> Device Management-> advanced-> SSL settings]

    and to set up a connection profile [Configuration-> Device Management-> connection profiles] on both devices,
    setting the side that gets its IP via DHCP to static and the side that has the permanent IP to accept dynamic.

    I apply the settings, and nothing happens.

    "show crypto isakmp sa" just returns "There are no isakmp sas".

    I don't know where to start debugging it. How can I force the DHCP side to initiate a connection?

    Are we sure that both peers are using the same ISAKMP settings? It seems the policy that uses rsa-sig on one end uses a different Diffie-Hellman group.

  • VPN site-to-site dynamic-to-static

    Dear

    I have a few sites already connected with ASA 5505 site-to-site VPN, with both ends having static IP addresses.  Normally, all traffic passes without any problems.  I even use 'management-access inside' on both ASAs.

    Now I have a new office with only ADSL PPPoE.  I set up a connection between Site B (remote, dynamic IP) and Site A (static IP) following an example similar to this Easy VPN one: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml

    All my ASA 5505s run 8.4(4)1

    Site A - Static IP

    Site B - Dynamic IP with PPPoE connection.

    After Easy VPN is connected, how do I remotely manage the ASA 5505 at Site B from the Site A LAN?

    Best regards

    Alan.

    If you're OK with either solution, it is probably easier to use dynamic-to-static LAN-to-LAN, so that at least your solution is consistent and uses only LAN-to-LAN tunnels instead of a mixture of the VPN client solution and LAN-to-LAN.

  • VPN L2L dynamic to static w/o DefaultL2LGroup

    I was looking for a method to have a static-to-dynamic L2L VPN without using DefaultL2LGroup, but instead setting up several tunnel groups, one for each router with a dynamic IP address. Many people say it is not possible, but I found this guide: http://inetpro.org/wiki/LAN-to-LAN_IPSec_VPN_between_PIX/ASA_7.2_hub_and_IOS_spokes_with_dynamic_IP_addresses

    Now the problem: the VPN comes up, but I can't reach any device with a ping.

    Static side: ASA 5505 - 8.22

    Dynamic side: Zyxel P-661HW-D3

    Here is the config for the ASA:

    access-list outside extended permit icmp any any
    access-list outside extended deny ip any any
    access-list inside extended permit ip 10.1.0.0 255.255.248.0 10.51.10.0 255.255.255.0
    access-list inside extended deny ip any any
    access-list VPN extended permit ip 10.1.0.0 255.255.248.0 10.51.10.0 255.255.255.0
    access-list ST_3710 extended permit ip 10.1.0.0 255.255.248.0 10.51.10.0 255.255.255.0

    nat (inside) 0 access-list VPN
    nat (inside) 1 10.1.0.0 255.255.248.0

    access-group inside in interface inside
    access-group outside in interface outside

    crypto ipsec transform-set myset esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000

    crypto dynamic-map DN3710 1 match address ST_3710
    crypto dynamic-map DN3710 1 set transform-set myset

    crypto map dyn-map 2 ipsec-isakmp dynamic DN3710
    crypto map dyn-map interface outside

    crypto isakmp enable outside

    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400

    crypto isakmp policy 20
    authentication pre-share
    encryption des
    hash md5
    group 2
    lifetime 86400
    no crypto isakmp nat-traversal

    group-policy GP3710 internal
    group-policy GP3710 attributes
    vpn-filter value ST_3710
    vpn-tunnel-protocol IPSec

    tunnel-group TG3710 type ipsec-l2l
    tunnel-group TG3710 general-attributes
    default-group-policy GP3710
    tunnel-group TG3710 ipsec-attributes
    pre-shared-key *********

    As you can see, the VPN is up:

    2   IKE Peer: ***.***.***.***
        Type    : L2L             Role    : responder
        Rekey   : no              State   : AM_ACTIVE

    Thanks in advance if anyone can help me with this problem.

    Kind regards

    Luca

    Hello Luca,

    You are right about that: you can have the spokes land on separate tunnel groups, not only on the DefaultL2LGroup. The ASA follows this sequence when doing a tunnel-group lookup for L2L tunnels with pre-shared keys:

    - The IKE ID is checked first; it can be a hostname (full FQDN) or an IP address

    - If the IKE ID lookup fails, the ASA tries the peer IP address

    - DefaultRAGroup/DefaultL2LGroup is used as a last resort

    From the output of your "sh cry isa sa" I can see that at least Phase 1 is up for your tunnel; please make sure that it landed on the correct tunnel group.

    The problem I clearly see here is the vpn-filter that you have applied in the group policy; keep in mind that VPN filters must be applied in the inbound direction.

    When a vpn-filter is applied to a group policy that governs a LAN-to-LAN VPN connection, the ACL must be configured with the
    remote network in the src_ip position of the ACL and the local network in the dest_ip position of the ACL.  Be careful when constructing the
    ACLs for use with the vpn-filter feature.  The ACLs are constructed with post-decrypted traffic in mind; however, they are also applied to the traffic
    in the opposite direction.

    In your case, the remote network is 10.51.10.0 255.255.255.0 and the local network is 10.1.0.0 255.255.248.0, so let's say you want to allow just Telnet:

    The following ACE will allow the remote network to Telnet to the local network:

    access-list vpnfilt-l2l permit tcp 10.51.10.0 255.255.255.0 10.1.0.0 255.255.248.0 eq 23

    The following ACE will allow the local network to Telnet to the remote network:

    access-list vpnfilt-l2l permit tcp 10.0.0.0 255.255.255.0 eq 23 10.1.0.0 255.255.248.0

    Note: The ACE access-list vpnfilt-l2l permit tcp 10.51.10.0 255.255.255.0 10.1.0.0 255.255.248.0 eq 23 will also allow the local network to initiate a connection to the remote network on any TCP port if it uses a source port of 23.

    The ACE access-list vpnfilt-l2l permit tcp 10.0.0.0 255.255.255.0 eq 23 10.1.0.0 255.255.248.0 will also allow the remote network to connect to the local network on any TCP port if it uses a source port of 23.

    Kind regards
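
The direction rule described in the answer above, as an added example that is not part of the original post: a simplified Python model (an assumption built from the answer's description, not ASA code) that matches each permit ACE as written against decrypted inbound packets and with source and destination swapped against outbound packets. The class and function names, host addresses and ports are constructed for illustration; the two networks are the ones from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Networks from the thread; host addresses and ports below are constructed.
REMOTE = "10.51.10.0/255.255.255.0"   # LAN behind the dynamic peer
LOCAL = "10.1.0.0/255.255.248.0"      # LAN behind the ASA


@dataclass(frozen=True)
class Ace:
    """One permit ACE: protocol, src network, dst network, optional ports."""
    proto: str                        # "ip" matches any protocol
    src: str
    dst: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def _ace_matches(ace: Ace, proto, src, sport, dst, dport) -> bool:
    if ace.proto not in ("ip", proto):
        return False
    if ip_address(src) not in ip_network(ace.src):
        return False
    if ip_address(dst) not in ip_network(ace.dst):
        return False
    if ace.src_port is not None and ace.src_port != sport:
        return False
    if ace.dst_port is not None and ace.dst_port != dport:
        return False
    return True


def filter_permits(acl: List[Ace], pkt: Packet, direction: str) -> bool:
    """direction: 'inbound' (decrypted, remote -> local) or 'outbound'."""
    if direction not in ("inbound", "outbound"):
        raise ValueError(direction)
    for ace in acl:
        if direction == "inbound":
            hit = _ace_matches(ace, pkt.proto, pkt.src, pkt.sport,
                               pkt.dst, pkt.dport)
        else:
            # Same ACE, mirrored: the packet's destination is compared with
            # the ACE source fields and the packet's source with the ACE
            # destination fields (addresses and ports).
            hit = _ace_matches(ace, pkt.proto, pkt.dst, pkt.dport,
                               pkt.src, pkt.sport)
        if hit:
            return True
    return False  # implicit deny at the end of the ACL


# ST_3710 as posted: local network in the source position.
AS_POSTED = [Ace("ip", LOCAL, REMOTE)]
# Remote network in the source position, as the answer requires.
CORRECTED = [Ace("ip", REMOTE, LOCAL)]
# The answer's Telnet ACE: remote -> local, destination port 23.
TELNET_ONLY = [Ace("tcp", REMOTE, LOCAL, dst_port=23)]

PING_IN = Packet("icmp", "10.51.10.5", 0, "10.1.2.3", 0)
PING_OUT = Packet("icmp", "10.1.2.3", 0, "10.51.10.5", 0)
TELNET_IN = Packet("tcp", "10.51.10.5", 40000, "10.1.2.3", 23)
TELNET_OUT = Packet("tcp", "10.1.2.3", 40000, "10.51.10.5", 23)
SRC23_OUT = Packet("tcp", "10.1.2.3", 23, "10.51.10.5", 445)

if __name__ == "__main__":
    for name, acl in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name,
              "ping in:", filter_permits(acl, PING_IN, "inbound"),
              "ping out:", filter_permits(acl, PING_OUT, "outbound"))
    print("telnet in:", filter_permits(TELNET_ONLY, TELNET_IN, "inbound"))
    print("telnet out:", filter_permits(TELNET_ONLY, TELNET_OUT, "outbound"))
    print("src port 23 out to 445:",
          filter_permits(TELNET_ONLY, SRC23_OUT, "outbound"))
```

With the ACL as posted, both ping directions fall through to the implicit deny, which matches a tunnel that is up but passes no traffic. The last case shows the side effect from the answer's note: the Telnet ACE also admits local-to-remote traffic to any TCP port when the source port is 23.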

  • Dynamic to static L2L IPSec VPN

    Hello

    I've implemented a dynamic-to-static IPSec site-to-site VPN between a branch (ship) ASA5505 and headquarters. Now, this solution does not allow HQ to initiate the IPsec connection.

    There is a router behind the ASA5505. I heard that if I want to keep the tunnel up, so that the HQ clients can send traffic to the remote clients through the tunnel, I would need to run IP SLA ICMP probes on the router behind the ASA.

    Could someone explain how to implement it?

    Thanks for your help.

    Frank

    The ICMP probe can be done from any device that is able to ping, not only from the router.

    The reason is that interesting traffic triggers the tunnel; as long as traffic is encrypted through the VPN tunnel, the tunnel will stay up, so you will be able to open connections from HQ to your remote site.

    Hope that helps.

  • KeepAlive to restore a dynamic to static tunnel?

    Hi all

    I have a dynamic-to-static PIX 501 to PIX 501 configuration running PIX OS 6.3. I would like to use keepalives to re-establish the tunnel when the tunnel goes down. Is this possible?

    There's a workaround for this: have the PIX at the far end use a local NTP or syslog server; this traffic would bring the tunnel up, as it has been defined as interesting.

  • A dynamic Site static IOS ASA

    I've had a hard time getting a site-to-site VPN configuration working with a dynamic address on IOS to a static address on ASA. I followed the example found here: http://www.Cisco.com/en/us/Products/HW/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml , but it won't work if I name the tunnel group on the IP address of the WAN IOS port ASA if I use a generic name such as "cisco" as in the example, it will fail. Here are my current ASA and IOS configs. 192.168.7.5.0/24 is the IOS-side LAN and 192.168.254.0/24 is the ASA-side LAN. Any help would be appreciated.

    You must use the tunnel group DefaultL2LGroup...

    tunnel-group DefaultL2LGroup type ipsec-l2l

  • ASA-dynamic to static VPN fails

    I have an ASA 5510 with a static address and a 5505 with a dynamic one.

    I created a dynamic VPN on the 5510. When the 5505, with its dynamic address, tries to connect to it, I get the following errors:

    Mar 25 05:45:14 [IKEv1]: IP = 213.137.6.203, Received ISAKMP Aggressive Mode message 1 with unknown tunnel group name '213.137.6.203'.
    Mar 25 05:45:14 [IKEv1]: Group = DefaultRAGroup, IP = 213.137.6.203, Removing peer from peer table failed, no match!
    Mar 25 05:45:14 [IKEv1]: Group = DefaultRAGroup, IP = 213.137.6.203, Error: Unable to remove PeerTblEntry

    I also get a similar error with aggressive mode disabled on the 5505.

    Looks like the 5510 believes it is an L2L (site-to-site) connection request as opposed to a dynamically established connection.  It doesn't have a tunnel group for 213.137.6.203.  You can create a tunnel group with that name to resolve this problem.

    The other option is to implement the ASA for a remote access connection (for example, Easy VPN).

    Here's a URL that describes how to configure Easy VPN with NEM and L2L.  HTH

    http://www.Cisco.com/application/PDF/paws/100313/pixasa_easy_l2l_vpn.PDF

  • 8.2 ASA dynamic VPN to ASA static config help

    Hello

    I'm trying to set up an L2L tunnel between a remote ASA and a central ASA, where the remote receives a DHCP address from the provider.

    Remote ASA config:

    interface Vlan1
     nameif inside
     security-level 100
     ip address 10.10.10.1 255.255.255.0
    ! Receives an IP address of 90.0.1.203 from the provider.
    interface Vlan2
     nameif outside
     security-level 0
     ip address dhcp setroute

    object-group network Corp_Networks
     network-object 172.16.0.0 255.240.0.0
     network-object 10.0.0.0 255.0.0.0
     network-object 192.168.252.0 255.255.255.0

    access-list SHEEP extended permit ip 10.10.10.0 255.255.255.0 object-group Corp_Networks
    access-list Remote extended permit ip 10.10.10.0 255.255.255.0 object-group Corp_Networks

    nat (inside) 0 access-list SHEEP
    nat (inside) 1 0.0.0.0 0.0.0.0

    route outside 10.0.0.0 255.255.255.0 90.0.1.1
    route outside 172.16.0.0 255.240.0.0 90.0.1.1
    route outside 192.168.252.0 255.255.255.0 90.0.1.1

    crypto ipsec transform-set ToCorp esp-3des esp-sha-hmac

    crypto map outside_map 10 match address Remote
    crypto map outside_map 10 set peer Public_address
    crypto map outside_map 10 set transform-set ToCorp
    crypto map outside_map 10 set security-association lifetime seconds 28800
    crypto map outside_map 10 set security-association lifetime kilobytes 4608000
    crypto map outside_map interface outside

    crypto isakmp enable outside

    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 864000
    no crypto isakmp nat-traversal

    tunnel-group Public_address type ipsec-l2l
    tunnel-group Public_address ipsec-attributes
     pre-shared-key Council

    Corporate ASA config:

    object-group network Corp_Networks
     network-object 172.16.0.0 255.240.0.0
     network-object 10.0.0.0 255.0.0.0
     network-object 192.168.252.0 255.255.255.0

    access-list sheep extended permit ip object-group Corp_Networks 10.10.10.0 255.255.255.0
    access-list ToRemote extended permit ip object-group Corp_Networks 10.10.10.0 255.255.255.0

    nat (inside) 0 access-list sheep

    route outside 10.10.10.0 255.255.255.0 Public_Gateway

    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

    crypto dynamic-map ToRemote 65530 set transform-set ESP-3DES-SHA
    crypto map outside_map 8 ipsec-isakmp dynamic ToRemote
    crypto map outside_map interface outside

    crypto isakmp policy 20
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400

    tunnel-group DefaultL2LGroup ipsec-attributes
     pre-shared-key *

    Output of remote endpoint:

    #sh crypto isakmp sa

       Active SA: 1
        Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
    Total IKE SA: 1

    1   IKE Peer: Public_Address
        Type    : L2L             Role    : initiator
        Rekey   : no              State   : MM_ACTIVE

    #sh crypto ipsec sa

    interface: outside
        Crypto map tag: outside_map, seq num: 10, local addr: 90.0.1.203

          access-list Hawaii2Avid extended permit ip 10.10.10.0 255.255.255.0 10.0.0.0 255.0.0.0
          local ident (addr/mask/prot/port): (10.10.10.0/255.255.255.0/0/0)
          remote ident (addr/mask/prot/port): (10.0.0.0/255.0.0.0/0/0)
          current_peer: Public_address

          #pkts encaps: 616, #pkts encrypt: 616, #pkts digest: 616
          #pkts decaps: 22, #pkts decrypt: 22, #pkts verify: 22
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 616, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0

          local crypto endpt.: 90.0.1.203/4500, remote crypto endpt.: Public_address/4500
          path mtu 1500, ipsec overhead 66, media mtu 1500
          current outbound spi: D6A48143
          current inbound spi : E0C4F32A

        inbound esp sas:
          spi: 0xE0C4F32A (3771003690)
             transform: esp-3des esp-sha-hmac no compression
             in use settings ={L2L, Tunnel, NAT-T-Encaps, }
             slot: 0, conn_id: 36864, crypto-map: outside_map
             sa timing: remaining key lifetime (kB/sec): (3914994/28098)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x007FFFFF
        outbound esp sas:
          spi: 0xD6A48143 (3601105219)
             transform: esp-3des esp-sha-hmac no compression
             in use settings ={L2L, Tunnel, NAT-T-Encaps, }
             slot: 0, conn_id: 36864, crypto-map: outside_map
             sa timing: remaining key lifetime (kB/sec): (3914952/28098)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001

        Crypto map tag: outside_map, seq num: 10, local addr: 90.0.1.203

          access-list Hawaii2Avid extended permit ip 10.10.10.0 255.255.255.0 172.16.0.0 255.240.0.0
          local ident (addr/mask/prot/port): (10.10.10.0/255.255.255.0/0/0)
          remote ident (addr/mask/prot/port): (172.16.0.0/255.240.0.0/0/0)
          current_peer: Public_Address

          #pkts encaps: 406, #pkts encrypt: 406, #pkts digest: 406
          #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 406, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0

          local crypto endpt.: 90.0.1.203/4500, remote crypto endpt.: Public_Address/4500
          path mtu 1500, ipsec overhead 66, media mtu 1500
          current outbound spi: 1BE239F9
          current inbound spi : AC615F8D

        inbound esp sas:
          spi: 0xAC615F8D (2892062605)
             transform: esp-3des esp-sha-hmac no compression
             in use settings ={L2L, Tunnel, NAT-T-Encaps, }
             slot: 0, conn_id: 36864, crypto-map: outside_map
             sa timing: remaining key lifetime (kB/sec): (3915000/28095)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001
        outbound esp sas:
          spi: 0x1BE239F9 (467810809)
             transform: esp-3des esp-sha-hmac no compression
             in use settings ={L2L, Tunnel, NAT-T-Encaps, }
             slot: 0, conn_id: 36864, crypto-map: outside_map
             sa timing: remaining key lifetime (kB/sec): (3914973/28092)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x000000000

    We just seem stuck at this point and can't seem to get the traffic going back and forth, even if the tunnel does not seem to be connected.  The only concern I see is pkts getting encrypted but none decrypted.  It is usually something to do with the ACL, but this one is pretty simple.

    Thank you

    -Geoff

    Please check if you have any other LAN-to-LAN crypto map configured on the corporate ASA where the crypto ACL may overlap.

    If you can share the full crypto map as well as the crypto ACLs of the corporate ASA, we can check for you.

    Typo in the remote ASA route statement:

    route outside 10.0.0.0 255.255.255.0 90.0.1.1

    I understand that you want to access the full class on the corporate site, so the route should say:

    route outside 10.0.0.0 255.0.0.0 90.0.1.1

  • Problem of site 2 site config dynamic to static

    I must be missing something in the config, but I'm not sure.

    Trying to connect a PIX 506E (6.3) to an ASA 5505 (7.2). The PIX has a dynamic IP and the ASA has the static IP address. This is a second site-to-site VPN on the PIX; the other is to another PIX, which has a static IP.

    I tried everything I can think of. I think it's on the side of the ASA, but I'm not sure. I have reset the pre-shared key several times. I tried sysopt connection permit-vpn on the ASA. It took the command, but it does not appear in the running config. I tried the tunnels as ipsec-ra and as ipsec-l2l, as well as other things. In any case, I have attached my config.

    Almost forgot, I used this link as a guide. http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00805733df.shtml

    Thanks for your help - Keith

    Keith,

    I think you should compare your ASA to static IP and the PIX for dynamic-IP configs - see what is different (apart from the names of things)

    The pre-shared key, I used was test1234 at both ends.

  • Difference between dynamic and static converters

    Hi, I am looking to understand the difference between a static and a dynamic DAC. I will work on a project that has a very high number of analog outputs, 30 IO. I need a board with 16-bit resolution. I intend to update outputs at a low frequency, on the order of 1 Hz (on user demand). I have suggested using the NI PXI-6704 card with 32 outputs. In order to future-proof our equipment, we plan to buy a few boards that are capable of a fast output update rate (a few hundred Hz). I want to know what I lose and gain with static and dynamic converters. Which boards (that are quite fast) would work better for this high number of IO? I'm looking at the 6733, but I am not quite convinced that it is the best alternative.

    Hello

    If you get all PXI/SMU modules, you'll either buy an MXI controller to connect to the desktop computer or spend more money and get an embedded controller for the SMU chassis. If you want to run applications in real time in the future, you can spend more money upfront and get the embedded controller instead of the MXI connection. The MXI connection allows more system flexibility than the embedded controller because it allows you to run additional devices that may not be available in PXI format. The two methods are the same in terms of future-proofing; they just offer different possibilities (flexibility or real-time).

    Eric

  • Dynamic and static map crypto on a single interface

    I must apply a static and a dynamic crypto map to a single interface. Is this possible?

    crypto isakmp policy 10
     hash md5
     authentication pre-share
    !
    crypto isakmp policy 11
     encr 3des
     hash md5
     authentication pre-share
     group 5
    crypto isakmp key hronov address 50.76.65.124
    crypto isakmp key pardubice address 0.0.0.0 0.0.0.0
    !
    !
    crypto ipsec transform-set DYN-TS esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP_3DES_MD5 esp-3des esp-md5-hmac
     mode transport
    !
    crypto dynamic-map DYN 10
     set transform-set DYN-TS
    !
    !
    !
    crypto map IPSEC 10 ipsec-isakmp dynamic DYN
    !
    crypto map GRE_AND_IPSEC 11 ipsec-isakmp
     set peer 50.76.65.124
     set transform-set ESP_3DES_MD5
     match address GRE

    Yes.  Slightly modified.

    Make the site-to-site key no-xauth so it can't be used for xauth (aka client authentication).

    crypto isakmp key hronov address 50.76.65.124 no-xauth

    Make the specific site-to-site crypto map entry come first (priority 10 in this case).

    crypto map IPSEC 10 ipsec-isakmp
     set peer 50.76.65.124
     set transform-set ESP_3DES_MD5
     match address GRE

    Make the dynamic map low priority (60000 in this case).

    crypto map IPSEC 60000 ipsec-isakmp dynamic DYN

  • VPN site to Site with dynamic routing on ASAs

    I'm planning a backup connection to a primary site, in case our main link breaks, through two ASAs using site-to-site VPN.

    This is what I have come up with to date; I just need to work through some issues and best practices.

    ##Regular connectivity and Internet traffic flow "> Primary_Internet".

    Backup_Internet - ASA - CoreA - router-->> Private_Wan<>

    ?? If Private_Wan a link down, use via ASA l2l Internet VPN to connect sites

    x - router - CoreA - ASA-->> VPN l2l<>

    ?? Once the link is available, preferred over the private Wan path must be used.

    A few questions,

    1. can I use a routing via the l2l VPN Protocol? VTI, GRE?

    2. If I enter OSPF or EIGRP, will be the last static use of each work in the ASA redistibuting?

    3. When running the L2L VPN, 'show route' does not show the routes available via the VPN; only "show crypto ipsec sa" shows the info. Is this correct? If yes, how would the metric work for the registered routes if all the links are up and there are many paths to the same subnet?

    Welllll,

    (2) I would keep as simple as possible, you can put all one VPN perhaps NSSA, if your ASA touch BB.

    (3) IPP on ASA is always the insertion of static routes, it is not the best way to generate the backup.

    Marcin

  • iSCSI - discovery dynamic vs. static?

    When you use iSCSI, is there an advantage to using static discovery over dynamic discovery?

    I understand that when you use dynamic discovery you point to one IP address and TCP port, and the iSCSI initiator will communicate with the target and ask for the LUNs, which will then be accessible. When you use static discovery this information must be specified manually. Is that correct, and is there a reason to use static?

    You're right, dynamic discovery with initiator "SendTargets" send to a single IP address and port and if the target is listening on several names and addresses, all of them are sent to a form of TargetName and TargetAddress (incase #). I think that determine what are behind the target LUN is not part of dynamic discovery

    As for your second question, hardware server is probably more flexible in terms of network adapters that can be used, so software ISCSI is more flexible, allowing to configure several IP addresses.  Many have IP/port combinations the target gives many more options: one being the ability to connect to the storage of different networks (but which can also be performed on routed networks), the second being more paths in paths multiple configuration when same LUNS accessed using two different IP addresses. And finally, if this hash IP policy could be used for a better distribution of load between natachasery in NIC teaming configuration on the ESX host.

  • Adobe XML Dynamic vs static pdf

    I created a form with the lifecycle of the ES2 Designer, with actions.

    Once saved as Adobe Dynamic XML (pdf), it works perfectly, however the file size is about 1 MB.

    When I save it in static PDF, the file size is reduced to 195 k, but the actions don't work anymore.

    I need the size of small file because these documents opens on mobile devices. Is it possible to have the best of both worlds here?

    Either PDF static with job actions, or dynamic XML with a small file size.

    Any help would be appreciated.

    Thank you

    The problem is with the fonts used in the PDF file. You have used Impact, Calibri and Courier New, as well as the native Myriad Pro font.

    Because you used fonts other than the native ones, the form by default embeds these additional fonts in the PDF.

    Probably one of the fonts is taking up the size of the PDF file.

    You must change the font to Myriad Pro or Arial, which is light. (OR) you can make an image of the text in the Impact font ("Notice of Violation" and "officer's report must be sent within 24 hours Security Office") and use it as a picture inside the PDF file.

    To remove the Embed fonts option, go to File-> Properties-> Options tab.

    Here is the form with the Embed fonts option UNCHECKED. (54 KB). But the special fonts may not display correctly.

    https://Acrobat.com/#d=nWNcZv9QfO0s7Lkr5HbdEg

    I hope this helps.

    Thank you

    Srini
